After 3-4 hours struggling to make it public so here we go.. MyEja, the Bahasa Malaysia dictionary for spell-checking in Firefox and Thunderbird

The open-source Firefox Add-on MyEja for spell-checking supports Firefox and Thunderbird platform-independently. It is based on the OpenOffice Extension “Kamus Bahasa Malaysia (Malay Dictionary)”. The contents of the dictionaries are untouched and is in original state in the initial release of MyEja . The latest versions of Firefox and Thunderbird are also supported. MyEja was founded by me and it is the second initiative project from Mozilla Malaysia Community.

😀 First of all, i would like to say sorry to those who have read my previous entry (that has been removed; but thanks to Google people can still read it :P)

It was my fault; and here is the story 😛

I’ve been working on something and I simply create a file named aaaaaa.html on my tmp folder. Suddenly I found the FD challenge and decided to play around. I’ve copied the JS into aaaaaaa.html (with an extra ‘a’) and shamelessly tough that I’ve analyze the right file. Without further verification, i straightaway blog about it. LOL!

P/S: the same method used on the correct FD’s JS and again I’m able to decode it without getting my hand dirty. I’ll only share it publicly once I stop working on my JS-obfuscation-related-project.

Maybe you’ve heard about iDefense Lab and Zero Day Initiative before.. If no, please stop reading the rest of this entry bacause you might not understand what I’m tryin’ to say.

Yes I’m trying to establish something similar to iDefense Lab and Zero Day Initiative but the difference is, I’m not gonna sell the bugs and PoC. And.. No exploit will be released to the public as well. To me, it is all about fun and ethical.

Personally I’ve found a few 0days during my Uni time & working time

2007 – Local Uni’s web apps – [dah kantoi]

2007 – Local Uni’s web apps – [dah kantoi]

2008 – Friend’s CMS (blog) – [dah kantoi]

2008 – Friend’s CMS (fyp) – [dah alert admin & dah kantoi]

2009 – Famous hypermarket’s web apps – [dah alert admin]

2009 – Big local company’s web apps – [dah alert admin]

2009 – Foreign Uni (faculty) web apps – [hurm… :D]

2009 – Local Uni (faculty) web apps – [dah alert admin]

All bugs I’ve found in 2007 & 2008 have been abused by me but starting in 2009, the vulnerabilities found have been informed to the developer/admin for further action.

Starting from next 2 weeks, I’m going to hunt more 0days in a proactive manner and in ethical way. My area of interest will be the web applications. Alert will be sent to the vendor and general advisories will be released to the public. ‘Hunting’ is not the problem now, but ‘trademark’, timeline, alerting and advisories are the current issues for me.. I’m going to consult one of the oldtimer in this area next week to seek for his advice.

Good luck to me. Till next time..

[updated]

My colleague in UIA inform me that he wants to be part of the project and gonna focus in modules/components. Thanks mate